246 lines
8.4 KiB
JavaScript
246 lines
8.4 KiB
JavaScript
/*! @azure/msal-browser v4.2.1 2025-02-11 */
|
|
'use strict';
|
|
import { createBrowserAuthError } from '../error/BrowserAuthError.mjs';
|
|
import { PerformanceEvents } from '@azure/msal-common/browser';
|
|
import { KEY_FORMAT_JWK } from '../utils/BrowserConstants.mjs';
|
|
import { urlEncodeArr } from '../encode/Base64Encode.mjs';
|
|
import { base64DecToArr } from '../encode/Base64Decode.mjs';
|
|
import { nonBrowserEnvironment, cryptoNonExistent } from '../error/BrowserAuthErrorCodes.mjs';
|
|
|
|
/*
|
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
* Licensed under the MIT License.
|
|
*/
|
|
/**
|
|
* This file defines functions used by the browser library to perform cryptography operations such as
|
|
* hashing and encoding. It also has helper functions to validate the availability of specific APIs.
|
|
*/
|
|
/**
|
|
* See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
|
|
*/
|
|
// Algorithms
|
|
const PKCS1_V15_KEYGEN_ALG = "RSASSA-PKCS1-v1_5";
|
|
const AES_GCM = "AES-GCM";
|
|
const HKDF = "HKDF";
|
|
// SHA-256 hashing algorithm
|
|
const S256_HASH_ALG = "SHA-256";
|
|
// MOD length for PoP tokens
|
|
const MODULUS_LENGTH = 2048;
|
|
// Public Exponent
|
|
const PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]);
|
|
// UUID hex digits
|
|
const UUID_CHARS = "0123456789abcdef";
|
|
// Array to store UINT32 random value
|
|
const UINT32_ARR = new Uint32Array(1);
|
|
// Key Format
|
|
const RAW = "raw";
|
|
// Key Usages
|
|
const ENCRYPT = "encrypt";
|
|
const DECRYPT = "decrypt";
|
|
const DERIVE_KEY = "deriveKey";
|
|
// Suberror
|
|
const SUBTLE_SUBERROR = "crypto_subtle_undefined";
|
|
const keygenAlgorithmOptions = {
|
|
name: PKCS1_V15_KEYGEN_ALG,
|
|
hash: S256_HASH_ALG,
|
|
modulusLength: MODULUS_LENGTH,
|
|
publicExponent: PUBLIC_EXPONENT,
|
|
};
|
|
/**
|
|
* Check whether browser crypto is available.
|
|
*/
|
|
function validateCryptoAvailable(skipValidateSubtleCrypto) {
|
|
if (!window) {
|
|
throw createBrowserAuthError(nonBrowserEnvironment);
|
|
}
|
|
if (!window.crypto) {
|
|
throw createBrowserAuthError(cryptoNonExistent);
|
|
}
|
|
if (!skipValidateSubtleCrypto && !window.crypto.subtle) {
|
|
throw createBrowserAuthError(cryptoNonExistent, SUBTLE_SUBERROR);
|
|
}
|
|
}
|
|
/**
|
|
* Returns a sha-256 hash of the given dataString as an ArrayBuffer.
|
|
* @param dataString {string} data string
|
|
* @param performanceClient {?IPerformanceClient}
|
|
* @param correlationId {?string} correlation id
|
|
*/
|
|
async function sha256Digest(dataString, performanceClient, correlationId) {
|
|
performanceClient?.addQueueMeasurement(PerformanceEvents.Sha256Digest, correlationId);
|
|
const encoder = new TextEncoder();
|
|
const data = encoder.encode(dataString);
|
|
return window.crypto.subtle.digest(S256_HASH_ALG, data);
|
|
}
|
|
/**
|
|
* Populates buffer with cryptographically random values.
|
|
* @param dataBuffer
|
|
*/
|
|
function getRandomValues(dataBuffer) {
|
|
return window.crypto.getRandomValues(dataBuffer);
|
|
}
|
|
/**
|
|
* Returns random Uint32 value.
|
|
* @returns {number}
|
|
*/
|
|
function getRandomUint32() {
|
|
window.crypto.getRandomValues(UINT32_ARR);
|
|
return UINT32_ARR[0];
|
|
}
|
|
/**
|
|
* Creates a UUID v7 from the current timestamp.
|
|
* Implementation relies on the system clock to guarantee increasing order of generated identifiers.
|
|
* @returns {number}
|
|
*/
|
|
function createNewGuid() {
|
|
const currentTimestamp = Date.now();
|
|
const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff);
|
|
// Result byte array
|
|
const bytes = new Uint8Array(16);
|
|
// A 12-bit `rand_a` field value
|
|
const randA = Math.trunc(baseRand / 2 ** 30);
|
|
// The higher 30 bits of 62-bit `rand_b` field value
|
|
const randBHi = baseRand & (2 ** 30 - 1);
|
|
// The lower 32 bits of 62-bit `rand_b` field value
|
|
const randBLo = getRandomUint32();
|
|
bytes[0] = currentTimestamp / 2 ** 40;
|
|
bytes[1] = currentTimestamp / 2 ** 32;
|
|
bytes[2] = currentTimestamp / 2 ** 24;
|
|
bytes[3] = currentTimestamp / 2 ** 16;
|
|
bytes[4] = currentTimestamp / 2 ** 8;
|
|
bytes[5] = currentTimestamp;
|
|
bytes[6] = 0x70 | (randA >>> 8);
|
|
bytes[7] = randA;
|
|
bytes[8] = 0x80 | (randBHi >>> 24);
|
|
bytes[9] = randBHi >>> 16;
|
|
bytes[10] = randBHi >>> 8;
|
|
bytes[11] = randBHi;
|
|
bytes[12] = randBLo >>> 24;
|
|
bytes[13] = randBLo >>> 16;
|
|
bytes[14] = randBLo >>> 8;
|
|
bytes[15] = randBLo;
|
|
let text = "";
|
|
for (let i = 0; i < bytes.length; i++) {
|
|
text += UUID_CHARS.charAt(bytes[i] >>> 4);
|
|
text += UUID_CHARS.charAt(bytes[i] & 0xf);
|
|
if (i === 3 || i === 5 || i === 7 || i === 9) {
|
|
text += "-";
|
|
}
|
|
}
|
|
return text;
|
|
}
|
|
/**
|
|
* Generates a keypair based on current keygen algorithm config.
|
|
* @param extractable
|
|
* @param usages
|
|
*/
|
|
async function generateKeyPair(extractable, usages) {
|
|
return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages);
|
|
}
|
|
/**
|
|
* Export key as Json Web Key (JWK)
|
|
* @param key
|
|
*/
|
|
async function exportJwk(key) {
|
|
return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key);
|
|
}
|
|
/**
|
|
* Imports key as Json Web Key (JWK), can set extractable and usages.
|
|
* @param key
|
|
* @param extractable
|
|
* @param usages
|
|
*/
|
|
async function importJwk(key, extractable, usages) {
|
|
return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages);
|
|
}
|
|
/**
|
|
* Signs given data with given key
|
|
* @param key
|
|
* @param data
|
|
*/
|
|
async function sign(key, data) {
|
|
return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data);
|
|
}
|
|
/**
|
|
* Generates symmetric base encryption key. This may be stored as all encryption/decryption keys will be derived from this one.
|
|
*/
|
|
async function generateBaseKey() {
|
|
const key = await window.crypto.subtle.generateKey({
|
|
name: AES_GCM,
|
|
length: 256,
|
|
}, true, [ENCRYPT, DECRYPT]);
|
|
return window.crypto.subtle.exportKey(RAW, key);
|
|
}
|
|
/**
|
|
* Returns the raw key to be passed into the key derivation function
|
|
* @param baseKey
|
|
* @returns
|
|
*/
|
|
async function generateHKDF(baseKey) {
|
|
return window.crypto.subtle.importKey(RAW, baseKey, HKDF, false, [
|
|
DERIVE_KEY,
|
|
]);
|
|
}
|
|
/**
|
|
* Given a base key and a nonce generates a derived key to be used in encryption and decryption.
|
|
* Note: every time we encrypt a new key is derived
|
|
* @param baseKey
|
|
* @param nonce
|
|
* @returns
|
|
*/
|
|
async function deriveKey(baseKey, nonce, context) {
|
|
return window.crypto.subtle.deriveKey({
|
|
name: HKDF,
|
|
salt: nonce,
|
|
hash: S256_HASH_ALG,
|
|
info: new TextEncoder().encode(context),
|
|
}, baseKey, { name: AES_GCM, length: 256 }, false, [ENCRYPT, DECRYPT]);
|
|
}
|
|
/**
|
|
* Encrypt the given data given a base key. Returns encrypted data and a nonce that must be provided during decryption
|
|
* @param key
|
|
* @param rawData
|
|
*/
|
|
async function encrypt(baseKey, rawData, context) {
|
|
const encodedData = new TextEncoder().encode(rawData);
|
|
// The nonce must never be reused with a given key.
|
|
const nonce = window.crypto.getRandomValues(new Uint8Array(16));
|
|
const derivedKey = await deriveKey(baseKey, nonce, context);
|
|
const encryptedData = await window.crypto.subtle.encrypt({
|
|
name: AES_GCM,
|
|
iv: new Uint8Array(12), // New key is derived for every encrypt so we don't need a new nonce
|
|
}, derivedKey, encodedData);
|
|
return {
|
|
data: urlEncodeArr(new Uint8Array(encryptedData)),
|
|
nonce: urlEncodeArr(nonce),
|
|
};
|
|
}
|
|
/**
|
|
* Decrypt data with the given key and nonce
|
|
* @param key
|
|
* @param nonce
|
|
* @param encryptedData
|
|
* @returns
|
|
*/
|
|
async function decrypt(baseKey, nonce, context, encryptedData) {
|
|
const encodedData = base64DecToArr(encryptedData);
|
|
const derivedKey = await deriveKey(baseKey, base64DecToArr(nonce), context);
|
|
const decryptedData = await window.crypto.subtle.decrypt({
|
|
name: AES_GCM,
|
|
iv: new Uint8Array(12), // New key is derived for every encrypt so we don't need a new nonce
|
|
}, derivedKey, encodedData);
|
|
return new TextDecoder().decode(decryptedData);
|
|
}
|
|
/**
|
|
* Returns the SHA-256 hash of an input string
|
|
* @param plainText
|
|
*/
|
|
async function hashString(plainText) {
|
|
const hashBuffer = await sha256Digest(plainText);
|
|
const hashBytes = new Uint8Array(hashBuffer);
|
|
return urlEncodeArr(hashBytes);
|
|
}
|
|
|
|
export { createNewGuid, decrypt, encrypt, exportJwk, generateBaseKey, generateHKDF, generateKeyPair, getRandomValues, hashString, importJwk, sha256Digest, sign, validateCryptoAvailable };
|
|
//# sourceMappingURL=BrowserCrypto.mjs.map
|